Re: [exim] exigrep on rejectlog

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] exigrep on rejectlog
Marc Sherman wrote:
> jean-paul natola wrote:
>> That's what I thought. However, see below
>>
>> milter# grep jnatola /var/log/exim/rejectlog
>> Envelope-to: <jnatola@???>
>>         for jnatola@???; Fri, 05 Jan 2007 11:45:33 -0500
>> T To: jnatola@???
>> Envelope-to: <jnatola@???>
>>         for jnatola@???; Fri, 05 Jan 2007 12:27:31 -0500
>> T To: jnatola@???

>>
>
> Exigrep does not, in fact, work on rejectlog in the general case. It
> only works on the lines within rejectlog that happen to look like
> standard exim mainlog lines, because the way exigrep works is by finding
> lines with matches, finding the messageids those lines apply to, and
> then finding all log lines relating to those message ids.


That may indeed be the 'plan'.

> Since the
> header dump parts of the rejectlog don't have message ids on them, it
> doesn't work.
>
> - Marc
>


But where in this is there a message ID? (more on which below...)

====

conducive# exigrep 203.177.244.141 /var/log/exim/rejectlog
2006-10-22 00:15:44 H=(PC.97seezf.com) [203.177.244.141]:2237
I=[203.194.153.81]:25 F=<Hairstonbeethoven@???> rejected RCPT
<supportinfo@???>: H7 0 invalid rDNS=20 Mismatched ID in HELO=5
supportinfo@??? invalid address: No such account here.

2006-10-22 00:15:44 H=(PC.97seezf.com) [203.177.244.141]:2237
I=[203.194.153.81]:25 rejected DATA: PD16 185 RFC points for H7 0 invalid
rDNS=20 Mismatched ID in HELO=5 Missing rDNS PTR record=150 RFC errors

2006-10-22 00:15:50 H=(PC.jdarno.net) [203.177.244.141]:2384
I=[203.194.153.81]:25 rejected DATA: PD16 185 RFC points for H7 0 invalid
rDNS=20 Mismatched ID in HELO=5 Missing rDNS PTR record=150 RFC errors

2006-10-22 00:16:09 H=(PC) [203.177.244.141]:2413 I=[203.194.153.81]:25
F=<Broussardcanis@???> rejected RCPT <supportinfo@???>:
H7 0 invalid rDNS=20 Mismatched ID in HELO=5 supportinfo@??? invalid
address: No such account here.

2006-10-22 00:16:09 H=(PC) [203.177.244.141]:2413 I=[203.194.153.81]:25 rejected
DATA: PD16 185 RFC points for H7 0 invalid rDNS=20 Mismatched ID in HELO=5
Missing rDNS PTR record=150 RFC errors

2006-10-22 00:16:32 H=(PC) [203.177.244.141]:2622 I=[203.194.153.81]:25
F=<Marionagreeing@???> rejected RCPT <supportinfo@???>: H7
0 invalid rDNS=20 Mismatched ID in HELO=5 supportinfo@??? invalid
address: No such account here.

2006-10-22 00:16:32 H=(PC) [203.177.244.141]:2622 I=[203.194.153.81]:25 rejected
DATA: PD16 185 RFC points for H7 0 invalid rDNS=20 Mismatched ID in HELO=5
Missing rDNS PTR record=150 RFC errors

2006-10-22 00:17:20 H=(t3sug.1eab.optonline.net) [203.177.244.141]:2956
I=[203.194.153.81]:25 F=<Moralesde@???> rejected RCPT
<supportinfo@???>: H7 0 invalid rDNS=20 Source HELO Name
Blacklisted=50 Mismatched ID in HELO=5 supportinfo@??? invalid
address: No such account here.

2006-10-22 00:17:20 H=(t3sug.1eab.optonline.net) [203.177.244.141]:2956
I=[203.194.153.81]:25 rejected DATA: PD16 235 RFC points for H7 0 invalid
rDNS=20 Source HELO Name Blacklisted=50 Mismatched ID in HELO=5 Missing rDNS
PTR record=150 RFC errors

2006-10-22 00:17:24 H=(PC) [203.177.244.141]:3059 I=[203.194.153.81]:25 rejected
DATA: PD16 185 RFC points for H7 0 invalid rDNS=20 Mismatched ID in HELO=5
Missing rDNS PTR record=150 RFC errors

2006-10-22 00:17:30 H=(PC.me1uey.org) [203.177.244.141]:3066
I=[203.194.153.81]:25 F=<Hesteraccretion@???> rejected RCPT
<supportinfo@???>: H7 0 invalid rDNS=20 Mismatched ID in HELO=5
supportinfo@??? invalid address: No such account here.

2006-10-22 00:17:30 H=(PC.me1uey.org) [203.177.244.141]:3066
I=[203.194.153.81]:25 rejected DATA: PD16 185 RFC points for H7 0 invalid
rDNS=20 Mismatched ID in HELO=5 Missing rDNS PTR record=150 RFC errors

2006-10-22 00:19:13 H=(PC) [203.177.244.141]:3736 I=[203.194.153.81]:25
F=<Everettdither@???> rejected RCPT <supportinfo@???>: H7 0
invalid rDNS=20 Mismatched ID in HELO=5 supportinfo@??? invalid
address: No such account here.

2006-10-22 00:19:13 H=(PC) [203.177.244.141]:3736 I=[203.194.153.81]:25 rejected
DATA: PD16 185 RFC points for H7 0 invalid rDNS=20 Mismatched ID in HELO=5
Missing rDNS PTR record=150 RFC errors

2006-10-22 00:19:14 H=(PC) [203.177.244.141]:3740 I=[203.194.153.81]:25 rejected
DATA: PD16 185 RFC points for H7 0 invalid rDNS=20 Mismatched ID in HELO=5
Missing rDNS PTR record=150 RFC errors

2006-10-22 00:19:15 H=(PC) [203.177.244.141]:3742 I=[203.194.153.81]:25
F=<Connellappeal@???> rejected RCPT <supportinfo@???>: H7 0
invalid rDNS=20 Mismatched ID in HELO=5 supportinfo@??? invalid
address: No such account here.

2006-10-22 00:19:15 H=(PC) [203.177.244.141]:3742 I=[203.194.153.81]:25 rejected
DATA: PD16 185 RFC points for H7 0 invalid rDNS=20 Mismatched ID in HELO=5
Missing rDNS PTR record=150 RFC errors

===

Next, I took the timestamp 'range' and manually looked at both ~/mainlog and
~/rejectlog to see if those entries show a messageID anywhere.

It may (should) exist in the (any) message - at least that gets as far as the
'DATA' phase before rejection.

BUT:

- Running with: 'log_selector = +all -all_parents -queue_run -arguments'
(which does not omit message IDs)

- A Mark-I eyeball search of the time-range for the above in both ~/mainlog and
~/rejectlog does NOT list a message ID.

- Further, traffic rejected at RCPT time should not have had either an
Exim-assigned ID yet applied, NOR have onpassed 'visible' header/body content
(which awaits DATA phase) that would have included sender-MUA/MTA assigned
messageID.

Weird, that.

Bug? "Feature"? Anomaly specific to bog-standard 4.6X FreeBSD port install?

Now curious...

Bill
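
The grouping discussed in this thread, as an added example that is not exigrep's code and not part of either post: lines carrying a message ID are collected per ID, while an entry without one can only stand alone. It assumes the classic 6-6-2 Exim 4 message ID shape and that untimestamped rejectlog lines (the header dump) belong to the preceding timestamped entry; the sample log, addresses and the names `entries` and `grep_log` are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): two mainlog-style lines sharing a
# message ID, a rejectlog entry with a header dump, and a bare RCPT rejection.
SAMPLE = """\
2007-01-05 11:45:30 1H2abc-0001Xy-Ab <= sender@example.test H=(mx.example.test) [192.0.2.10]
2007-01-05 11:45:33 1H2abc-0001Xy-Ab => user@example.test R=localuser T=local_delivery
2007-01-05 11:46:02 H=(PC) [192.0.2.77]:2413 rejected DATA: RFC errors
Envelope-to: <user@example.test>
T To: user@example.test
2007-01-05 11:47:10 H=(PC) [192.0.2.99]:2622 rejected RCPT <nobody@example.test>
""".splitlines()

STAMP = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ")
# Assumed ID shape: 6-6-2 alphanumerics directly after the timestamp.
MSGID = re.compile(STAMP.pattern + r"([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) ")

def entries(lines):
    """Fold untimestamped lines (header dumps) into the preceding entry."""
    out = []
    for line in lines:
        if STAMP.match(line) or not out:
            out.append([line])
        else:
            out[-1].append(line)
    return out

def grep_log(pattern, lines):
    """Return one block per hit: the whole transaction when the entry has a
    message ID, otherwise just the single entry with its header dump."""
    rx = re.compile(pattern, re.I)
    blocks = {}        # key -> lines; dict preserves first-seen order
    matched = set()
    for n, entry in enumerate(entries(lines)):
        m = MSGID.match(entry[0])
        key = m.group(1) if m else n   # no ID: nothing to correlate on
        blocks.setdefault(key, []).extend(entry)
        if any(rx.search(text) for text in entry):
            matched.add(key)
    return [blk for key, blk in blocks.items() if key in matched]

if __name__ == "__main__":
    for block in grep_log("user@example", SAMPLE):
        print("\n".join(block), end="\n\n")
```

Unlike a plain `grep`, a hit inside the header dump here comes back with the timestamped rejection line it belongs to.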